Laravel 5.3.8 is now released with testing improvements, including new fakes for events, jobs, mail, and notifications.

Here is a quick look at how these new testing features work:

Laravel Events

Laravel now provides three helpers for mocking events. The first is the expectsEvents method, which verifies that the expected events are fired but prevents any listeners for those events from executing. The second is its inverse, doesntExpectEvents, which verifies that the given events are not fired:

Laravel Spark, the commercial Laravel package that provides instant scaffolding for subscription billing, has just released v2.

The 2.0 release is a free upgrade for all license holders and it adds compatibility with Laravel 5.3 as well as deprecating the Spark installer in favor of using Composer directly.

It also updates dependencies so that it is compatible with both Echo and Passport, which are new packages in Laravel 5.3.

The upgrade guide says you should review the entire Laravel 5.3 upgrade guide and make any changes to your application to reflect those changes. After that, there are no further code upgrades you need to make before using Spark 2.0.

Once you have completed applying the changes listed in the Laravel 5.3 upgrade guide, you are ready to upgrade your underlying Spark dependency.

When you’re working with Laravel, every installation includes a .env example file in your application’s root folder. This allows you to keep sensitive information out of version control and makes it easier to have different configurations based on the environment your application is running in.

Brotzka .env-Editor is a third-party package that aims to offer an alternative to manually editing environment variables in the .env file. It provides a graphical user interface to view, manage, back up and restore the .env file. It also provides a lot of useful functions that can be used in your application to manage your .env file dynamically.

Now you have everything you need to start using the Brotzka .env-Editor.

Overview

If you open the .env-Editor configuration file config/dotenveditor.php, you will find two groups of settings. The first group is the path configuration, which you can edit to specify the path of your project's .env file and the path for your .env file backups:

Graphical User Interface

Now let’s access /enveditor via the browser to view the Brotzka .env-Editor graphical user interface. You will see four different tabs:

1. Overview tab:

After you click the Load button to import your .env file contents, you will see your current environment variables as key/value pairs. In the right column, there are action buttons to edit or remove any variable from the list.

2. Add New tab:

In the Add New tab, you can easily create a new variable in your .env file by filling in the fields and clicking the Add button.

3. Backups tab:

In the Backups tab, you can create a new backup of your .env file by clicking the Create Backup button. Below that is the list of available backups, which contains all the backups you have previously taken. To the right of that list, you will find the action buttons you can use to view, restore, download and delete a .env file backup.

4. Upload tab:

The last tab is Upload, which provides the ability to restore a previous .env file backup by uploading it from your storage. Be aware that this will override your currently active .env file.

Managing .env files from your code

Brotzka .env-Editor provides a lot of useful functions that you can access through an instance of the DotenvEditor class. For example, there are functions for getting the value of a given key, checking if a key exists, adding a new key-value pair, changing the value of a variable, creating/restoring backups and more…
You can take a look at all available functions in the .env-Editor docs.

Here is an example of utilizing .env-Editor functions to manipulate the .env file:

That’s it. Give Brotzka .env-Editor a try if you are looking for convenient ways to manage your .env file through your code or your browser. You can check out the source code of Brotzka .env-Editor on GitHub.

Consider the most typical of website layouts: a head at the top, a main section – possibly consisting of a sidebar and primary content – in the middle, and then a footer stuck to the bottom. Traditionally, we’ve used floats to accomplish this layout. But the truth is that floats were never truly meant for this sort of thing. Luckily, again, there’s a better way. In this episode, we’ll discuss the justify-content property more, while reviewing the margin-top: auto trick.

ZF2016-03: Potential SQL injection in ORDER and GROUP functions of ZF1

The implementation of ORDER BY and GROUP BY in Zend_Db_Select remained
prone to SQL injection when a combination of SQL expressions and comments was
used. This security patch provides a comprehensive solution that identifies and
removes comments prior to checking validity of the statement to ensure no SQLi
vectors occur.

The implementation of ORDER BY and GROUP BY in Zend_Db_Select of ZF1 is
vulnerable to the following SQL injection:

This security fix can be considered an improvement of the previous ZF2016-02 and ZF2014-04 advisories.

As a final consideration, we recommend developers either never use user input
for these operations, or filter user input thoroughly prior to invoking Zend_Db. You can use the Zend_Db_Select::quoteInto() method to filter the
input data, as shown in this example:

Action Taken

We fixed the reported SQL injection by removing comments from the SQL statement
before passing it to either the order() or group() methods; this patch
effectively solves any comment-based SQLi vectors.
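
The first recommendation above, never passing user input to order() or group(), can be implemented with an allowlist that maps request values onto fixed SQL fragments. The following is an added example, not code from the advisory or from ZF1; the resolveOrderBy helper, the column names and the request values are hypothetical.

```php
<?php
// Added example: not ZF1 code. Schema, helper name and request values are hypothetical.

/**
 * Map an untrusted sort key and direction onto a fixed ORDER BY fragment.
 * User input is only used as an array index and is never copied into SQL.
 */
function resolveOrderBy($sortKey, $direction, array $allowedColumns, $defaultKey)
{
    if (!isset($allowedColumns[$defaultKey])) {
        throw new InvalidArgumentException('Default sort key is not in the allowlist');
    }
    // Reject non-strings (e.g. ?sort[]=x) and anything that is not an exact key.
    if (!is_string($sortKey) || !array_key_exists($sortKey, $allowedColumns)) {
        $sortKey = $defaultKey;
    }
    // Direction collapses to one of two literals.
    $dir = (is_string($direction) && strtoupper($direction) === 'DESC') ? 'DESC' : 'ASC';

    return $allowedColumns[$sortKey] . ' ' . $dir;
}

// Public sort keys => real column names.
$allowed = array(
    'name'    => 'p.name',
    'created' => 'p.created_at',
    'price'   => 'p.price',
);

// Constructed request values.
$requests = array(
    array('sort' => 'price', 'dir' => 'desc'),             // valid key
    array('sort' => 'MD5(name) /* x */', 'dir' => 'asc'),  // expression plus comment
    array('sort' => array('name'), 'dir' => null),         // wrong type
);

foreach ($requests as $r) {
    $order = resolveOrderBy($r['sort'], $r['dir'], $allowed, 'created');
    // With ZF1 the fragment would be handed on as: $select->order($order);
    echo $order, PHP_EOL;
}
```

Because the fragment is always built from the allowlist, the expression-and-comment input never reaches the query builder and falls back to the default column.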